China-Nexus Threat Actor Actively Exploiting Ivanti Endpoint Manager Mobile (CVE-2025-4428) Vulnerability
Critical vulnerabilities CVE-2025-4427 and CVE-2025-4428 in Ivanti Endpoint Manager Mobile (EPMM) have been identified, enabling unauthenticated remote code execution (RCE) attacks. These flaws, stemming from authentication bypass and expression language injection respectively, affect multiple EPMM versions and are being actively exploited by threat actors, including Chinese APT groups. The vulnerabilities pose significant risks to various sectors globally, including critical infrastructure, healthcare, and government institutions. Ivanti has released patches, and organizations are urged to update immediately or implement mitigations. Additionally, a separate critical vulnerability (CVE-2025-31324) in SAP NetWeaver is being exploited by Chinese APT groups, targeting critical infrastructure worldwide. These incidents underscore the importance of prompt patching, continuous vulnerability management, and proactive cybersecurity measures in enterprise environments.